Controller: Frey & Frey AG, Industriestrasse 26, CH-3175 Flamatt, Schweiz
Any data subject can contact our company’s data protection officer directly at any time with queries or suggestions regarding data protection.
As at: 27/11/2020
1. BASIC INFORMATION ON DATA PROCESSING AND LEGAL FOUNDATIONS
For the terminology used such as “personal data”, pseudonymisation, consent, controller or the “processing” of such data, we refer to the definitions in Art. 4 of the EU General Data Protection Regulation (GDPR).
All terms employed such as “user” are to be understood as gender-neutral.
We only process users’ personal data in compliance with the relevant data privacy provisions (Swiss data protection law and in one use case regarding Art. 3 EU GDPR, the EU GDPR). This means user data will only be processed if this is allowed under the law, i.e. in particular if the data processing is required in order to provide our contractual services (e.g. processing orders) and online services, or mandated in law.
Persons aged under 18 should not transmit any personal data to us without the approval of their parents or guardians. We do not ask children or adolescents to send us any personal data. We do not knowingly collect such data, nor do we pass such data on to third parties.
2. COLLECTION OF ACCESS DATA AND LOG FILES
Every time a person or an automated system accesses the website, we collect a series of general data as well as other information. These general data and other information are stored in the server’s log files. The data collected may include the name of the website visited, the file retrieved, the date and time of retrieval, the data volume transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (previously visited page), IP address and the requesting provider.
If users leave comments or other contributions, their IP addresses are stored.
For security reasons (e.g. to investigate abuse or fraud), log file information is stored for a maximum of one month and then deleted. Data which need to be retained for longer as evidence are not liable for deletion until the case in question has been conclusively investigated.
3. TRANSMISSION OF DATA TO THIRD PARTIES AND EXTERNAL PROVIDERS
Data logged when our internet offering is accessed will only be transferred to third parties if we are legally or contractually obliged to do so, compelled by a court ruling or on the basis of legitimate interests.
In the event that info material, brochures or products are ordered, we will only use the personal information entered by you within our company, or only pass it on to companies tasked with processing the order. No such data will be passed on to third parties, for commercial or non-commercial purposes, without your express consent.
If we use subcontractors to provide our services, we will make suitable legal arrangements and implement appropriate technical and organisational measures to ensure the protection of personal data in accordance with the relevant statutory regulations.
4. DATA PROCESSING AS PART OF THE PROVISION OF CONTRACTUAL SERVICES
We process existing data (e.g. names and addresses as well as contact details of users), contract data (e.g. services used, names of contacts, payment information) for the purpose of meeting our contractual obligations and providing our services in accordance with Art. 6 (1) lit. b GDPR.
5. CONTACT AND ORDERS
When users contact us (through a contact form or by email), their details will be processed in order to handle and deal with their enquiry in accordance with Art. 6 (1) lit. b GDPR.
When you order information material, brochures or products, we will ask you for your name and other personal information. It is entirely at your discretion whether you wish to communicate these details. The personal data you provide when you order will only be used for processing that order. This includes transmitting the data to distribution companies commissioned by us.
Your data will be used exclusively for direct correspondence with you.
6. COOKIES AND MEASUREMENT OF REACH
Cookies represent information transmitted by our web server or third-party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.
If users do not wish cookies to be stored on their computer, they will be asked to deactivate the corresponding option in their browser’s system settings. Any cookies saved can be deleted in the browser’s system settings. The refusal of cookies may lead to restrictions in the way in which this online offering works.
) and in addition the US website (
) or the European website (
7. GOOGLE ANALYTICS
We use Google Analytics (with anonymisation function) on this website. Google Analytics is a web analysis service. Web analysis constitutes the collection and evaluation of data on the behaviour of visitors to websites. Among other things, a web analysis service records the website from which a particular person has come to a website (so-called referrer), which pages on the site were accessed or how often and for how long a page was viewed. Web analysis is used primarily to optimise a website and to conduct a cost-benefit analysis of internet advertising.
The anonymisation function causes your IP address to be truncated and therefore anonymised before it is transmitted to the USA. As a result, Google is unable in any circumstances to associate your IP address with other Google data.
The Google Analytics component is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Google is certified under the Privacy Shield Framework, thereby guaranteeing compliance with European data protection law. (
Google will use this information on our behalf to evaluate the use of our online service, to compile reports on the activities within this online service and to provide us with other services related to this online service and internet usage. Pseudonymous usage profiles of users may be created from the data processed in this respect.
We only use Google Analytics with IP anonymisation activated. This means users’ IP addresses are first truncated by Google within Member States of the European Union or in other Member States of the European Economic Area Agreement. Only in exceptional circumstances will your full IP address be transferred to a Google server in the USA and truncated there.
Google will not combine the IP address transferred by the user’s browser with any other data held by Google. Users can prevent the storage of cookies by means of a corresponding setting in their browser software; users can also prevent the capture of data generated by the cookie and relating to their use of the online offering, their transmission to Google and the processing of such data by Google by downloading and installing the browser plugin available on the following: https://tools.google.com/dlpage/gaoptout?hl=de
You can find further information on Google’s use of data, setting options and opportunities to object on Google’s web pages:
(„Google’s use of data when you use the websites or apps of our partners“), https://www.google.com/policies/technologies/ads
(“Data usage for advertising purposes”),
(“Managing information used by Google to show you advertising”).
You can call up further information and Google’s latest data protection provisions at
Further information on Google Analytics can be found on this link:
8. INTEGRATION OF THIRD-PARTY SERVICES AND CONTENT
Within our online offering, we use third-party content or service offers on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our online offering as defined by Art. 6 (1) lit. f GDPR) in order to integrate their content and services such as videos or fonts (hereinafter referred to collectively as “content”). This always presupposes that the third-party providers of such content register the users’ IP addresses as they could not send their content to users’ browsers without their IP addresses. The IP address is therefore required for the presentation of such content. We make every effort to only use content, the providers of which use the IP address only to deliver content. Third-party providers can also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Thanks to pixel tags, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored on the user’s device in cookies, and among other things, it can contain technical details of the browser and operating system, referring websites, time of visit and further information on the use of our online offering, and these details can also be combined with similar information from other sources.
The following presentation offers an overview of third-party providers as well as their content, together with links to their data privacy policies containing further information on the processing of data and opt-out options some of which have already been specified here:
- External fonts from Google, Inc.,
9. RIGHTS OF DATA SUBJECTS
Every data subject has the right to request confirmation as to whether we are processing their personal data.
Every data subject can request information from us at any time free of charge (a fee can be charged if such requests are made multiple times or abused) about the personal data relating to them that are stored by us. We can also issue the following information:
- the purposes of the processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data were disclosed or are still being disclosed, particularly in the case of recipients in third countries or international organisations
- if possible, the planned length of time for which the personal data will be stored, or if this is not possible, the criteria for defining this duration
- the existence of any right to rectification or erasure of the personal data relating to them, or any right to restrict processing by the controller or any right of objection to such processing the existence of a right of complaint to a regulatory authority
- if the personal data have not been collected from the data subject: all available information on the origin of the data
- the existence of automated decision-making, including profiling and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Furthermore, the data subject has the right to request information on whether their personal data have been transferred to a third country or to an international organisation. In this case, the data subject also has the right to receive information on the appropriate guarantees with respect to the transfer.
Every data subject has the right to request the immediate rectification of incorrect personal data relating to them. Taking into account the purposes of the processing, the data subject is also entitled to have incomplete personal data completed, also by means a supplementary statement.
Every data subject has the right to request the erasure of any personal data relating to them if there are legal grounds for the erasure and the processing is not necessary.
Every data subject has the right to ask the controller to restrict the processing if one of the following conditions is met:
- The accuracy of the personal data is disputed by the data subject for a length of time which allows the controller to review the accuracy of the personal data.
- The processing is illegal, the data subject rejects the erasure of their personal data and instead requests that the use of their personal data be restricted.
- The controller has no further need of the personal data for the purposes of processing, but the data subject needs them in order to assert, exercise or defend legal interests.
- The data subject has objected to the processing, and it has not yet been determined whether the controller’s legitimate reasons outweigh those of the data subject.
Every data subject has the right to receive the personal data relating to them that the data subject has provided to a controller, in a structured, conventional, machine-readable format or to request their transfer to another controller. Assuming the data are processed with the aid of automated procedures.
Every data subject has the right to object at any time to the processing of personal data relating to them for reasons arising from their particular situation.
Every data subject has the right at any time to revoke their consent to the processing of personal data.
If a data subject would like to make use of one or more of their rights, they can turn to our data protection officer at any time.
10. ERASURE OF DATA
The data stored by us will be erased as soon as they are no longer required for their intended purpose and their erasure does not conflict with any legal obligations to retain them. If users’ data are not erased because they are required for other, legally permissible purposes, their processing will be restricted. This means the data are locked and not processed for other purposes. For example, this applies to user data which have to be retained for reasons of commercial or tax law.
11. RIGHT OF OBJECTION
Users can object at any time to the future processing of their personal data in accordance with statutory requirements. This objection can be lodged especially against processing the data for direct marketing purposes.
12. SECURITY MEASURES
We implement state-of-the-art, organisational, contractual and technical security measures to ensure that the regulations contained in data protection laws are observed and to protect the data processed by us against accidental or deliberate manipulation, loss, destruction or unauthorised access.